Skirrel is a group of ski and snowboard enthusiasts, having over 10 years of experience on the slopes. Hitting the mountain with our friends is always an amazing experience, but we know all too well that practical ways to communicate while underway are almost non-existent. Trying to operate a phone in the freezing cold, while waiting for friends who - as it turns out - were on a different slope altogether, made us want to find a solution. Skirrel represents our approach of how communication on the slopes should work.

Traditional Security awareness seems to be a kind of burden and necessary evil. Online trainings were designed and rolled out but do not deliver expected changes in behavior. What should we do different? Or what works from your point of view? Incident Response plans are still quite weak and often not really tested in a real life scenario. How do you see IRP and handling?

Quite often I’m irritated by the AI hype for SOC services and the many tools claiming that they deliver best machine learning engines. From my point of view the AI tools are only part of a SOC strategy and AI is not the holy grail for Cybersecurity. As we say for years, AI needs learning and good data as a foundation for the intelligence. Does it really work? Do we need no people anymore? What is your experience with incident handling?

We see new technologies around the Blockchain arising in Fintech, new requirements for Open banking, Shipping industry becoming, connected cars, etc. world is changing. What does it mean for Cybersecurity strategies?

Our society is changing – we they connection everywhere and smart cities will change the way we live. But all changes that will benefit the good of the society will come with some risk, because we need connectivity, agility and data. So discussions around IoT, Cloud and Machine Intelligence are all round us. From your point of view is the biggest risk from a security point of view? What is limiting the digitization – on top of limited bandwidth due to missing 5G networks? What is your experience and recommendations with Cloud/IoT etc. implementations.
Hans-Wilhelm Dünn https://www.linkedin.com/in/hans-wilh…

We see massive investment in Cybersecurity, new technologies get hyped but we still see massive exposure and breaches. Why has the Security industry not succeeded or do we fight at the wrong hill? GDPR was hot all last year – but where are we now? What was/Is the impact of GDPR for Cybersecurity reality?

Single piece flow in a multi-step machining cell leads to batches to avoid changeovers. Not anymore!

The industrial automation startup FLEX-FLOW-CELL GmbH, specialized in automotive manufacturing equipment, took the entire process apart, created new controls, sensors and Artificial Intelligence, and the result is a multi-step single piece flow with autonomous in process change over. Currently being tested under live production conditions with no less than 7 in-process steps, each with own tools, additives and settings. Disruption in progress!

As follow up to SDG's and the Ethics of Technology, I ran a poll on Twitter to understand how my Social Media network thinks about the responsibility for the usage of technology. These are the results of that poll:

There are some interesting observations to be made from these results. Although there is no real majority for either of the options, the collective majority does believe that the creators and users of technology at least own the responsibility over the usage, either joined or individually. It is also interesting to see that the minority feels that governments and regulators carry this responsibility.

Regardless of who is responsible for the usage of technology, and whether or not this is matter of a case-by-case decision, or if there should be some common framework for responsibility, the main question is who should enforce (and when needed penalize) the responsibility. The answer to that is of course straightforward. Governments, multilateral / international treaties and bodies like the European Union and the United Nations.

The solution is however less straightforward. Aligning local legislation with multilateral frameworks is a complicated and time consuming process. Different concepts and legal definitions of liability, and especially restrictions on liability and their effect on third parties, complicate the matter even further.

GDPR demonstrates however, despite its limitations which will be addressed later on, that it is possible to create such frameworks, which clearly define the rights for all its citizens, including the responsibility and liability for execution, regardless of the location of the other party. The common pre-GDPR privacy abuse, which unfortunately still goes on in too many companies, also demonstrates that we need more, much more multilateral frameworks to regulate the creation and usage of technology.

MY OPINION

We have been able to learn how some companies and organizations respond to regulations and responsibilities in the recent years. The recurring data leaks and infringements of privacy regulations by Facebook for example, show us that companies are not only willing to break the rules for profit, but that they are even willing and able to continue doing so when there are no serious consequences.

The Panama-Files have showed us that companies and individuals are more than willing to find the loopholes in regulations to protect their profits, and the ruling is still open if all of it was fully legal. For now we know that at least some of it wasn’t.

And then there was, or still is, the Diesel-Gate scandal in which a significant part of the German auto industry demonstrated their willingness to cheat and commit fraud at the costs of their customers and the environment, to further increase their already good profitability…

These are only examples, and although I am fully aware that many companies will not follow these cases in point, these examples do demonstrate that the strive to increase profit will lead to criminal behavior by (some) decision makers. All the way up to the boards, as some Diesel-Gate revelations has shown. If there is anything we can learn from these discoveries in the recent years, it is that self-regulation is not an option!

On the other hand, purpose specific legislation is also not an option for several very clear reasons. First of all, technology is developing extremely fast and the pace of innovation will continue to increase. Developing legislation up till the point that these are executed by countries takes several years, especially when we look at international communities and multinational corporations. Purpose specific legislation would only lead to an ever growing gap between technology and the legal frameworks that should manage and control them.

In addition, purpose specific legislation has by its definition an enormous weakness which is even over amplified against the current setting of rapidly developing technology. The purpose will take a definition, and with the current pace of developments that definition will already be outdated before the draft legislation passes parliament.

A clear example of this is GDRP, which concepts originates from 2012. By the time it was implemented and became binding throughout the European Union in 2018, several principles were already overrun by new and unforeseen technologies, like e.g. blockchain and cryptocurrencies. The purpose specific definitions of data in GDPR assume that there is an owner of the data which is responsible and liable for the execution of GDPR compliance in its full extend. In a blockchain driven environment, there is no ownership of the data, nor is there a centralized institution which is responsible for GDPR compliance. Not to mention the challenges with the right to be forgotten once the distributed ledger technology has done what it is designed to do.

How long does it take until corporations will find ways to outrun purpose specific regulations and controls?

But let us not connect the challenges of purpose specific legislation to just blockchain, to avoid that this becomes a blockchain specific discussion. Digital Twins for example were also not a big thing in 2012, and most people are not aware that they already have a Digital Twin with for example credit score agencies. And every time a person shops online, there is a good chance that data about that person is exchanged with one or more credit score agencies. In some cases even before the person does the actual purchase, and definitely when that person selects one of the comfortable flexible payment options like instalment.

Several months ago I raised the question “does GDPR apply to the data stored in hashed digital twins?” in a panel of GDPR specialists, mainly lawyers, legislators, and consultants. Although there was a clear commitment to get back to me with an answer in a few days, that answer is still pending. What I did receive however are multiple requests from several members and participants to please explain once more what a digital twin is.

Digital Twins form a bigger GDPR and privacy challenge than Blockchain!

TECHNOLOGY NEUTRALITY

This leads to the conclusion that we urgently need technology neutral legislation, as advocated by Eva Kaili, Member of the European Parliament, Chair of European Parliament's Science and Technology Options Assessment body (STOA), and Full Member of the Industry, Research and Energy (ITRE) Committee. (Website Eva Kaili)

All new EU-legislation should be guided by the ‘innovation principle’. This means that the potential effect of legislation on innovation should be investigated during the impact assessment phase of the legislative process. Technology neutrality in every level of legislation should be a core element of this.

Technology Neutrality will encourage innovation by creating transparency about the legal framework, just as much as it will encourage rapid adoption of new technology by creating transparency about usage, conditions and controls. By doing so, it will solve an innovation hindering circumstance which slows down most initiatives for developing and implementing new technologies, being the uncertainty about the legal framework.

As proud citizen of the European Union, I not only fully support this definition. I also hope that the EU will take the lead in implementing technology neutrality in all fields, including liability and controls.

Eva Kaili on Twitter

ABOUT THE AUTHOR

Dr. ir Johannes Drooghaag, CEO and founder of Spearhead Management, is an established executive, consultant, coach, author and keynote speaker, who approaches new technology with open arms and a critical view. As certified and experienced RED TEAM trainer, he brings being the Devil's Advocate to a new level of constructive analyses and solution finding. Dr. ir Johannes Drooghaag is active in the fields of Leadership, Cyber Security, Blockchain, Industry 4.0, Artificial Intelligence and Agile Business Management. Promoted in Applied Information Technology, Manufacturing and Operations Management, and over 30 years of hands-on experience make Dr. Johannes Drooghaag a pragmatic leader, consultant and speaker.

In a lively discussion about blockchain and disruption, once again the question was raised “what will disrupt blockchain?”, and the answer to that question is as simple as it is straightforward. Blockchain itself will disrupt blockchain.

As carrier for disruption of many industries and applications, blockchain has become a catalyst for change and transformation. Although not yet in full scale implementation besides some successful crypto-currencies, the potential is clearly identified. Unleashing that potential into real-life and large-scale applications of blockchain based platforms will quickly turn the power of disruption on blockchain itself.

The prime USP’s of blockchain based technology are decentralization and encryption, creating a trustless environment with security-by-design. As soon as we take a closer look under the hood of this “new” technology, we quickly identify that there isn’t that much new technology involved. Analyzing the concept of decentralization beyond the label, it is true that there isn’t a central trust- or owner-body for the data involved but there are other levels of centralized control which make it significantly less decentralized as it appears. And then there is the matter of resources required to build and operate a blockchain based platform, especially when the scale goes beyond the miniature implementations we have seen so far!

Those are however all problems and challenges “underneath the hood” of the concept, and the evolution of blockchain and its technology will eventually solve these challenges. Nonetheless there is a much bigger challenge to be addressed, and experts recognize that there might not be a short term solution: legislation and compliance.

Before blockchain based technologies can become mainstream large-scale and real-life applications beyond cryptocurrencies, blockchain needs to be disrupted!

Organization

Blockchain based technology offers in theory a decentralized trustless system which is not directly controlled by an organization or a government. In short, the power of control over the system and its content is decentralized.

In reality however, blockchain enabled platforms are under centralized control at an entirely different level. For example, the mysterious founder of bitcoin Satoshi Nakamoto, whomever he or she may be, determined the design and implementation of Bitcoin, and neither the distributed ledger nor the peer-to-peer protocols can change that. Proof of work, proof of stake, a hybrid or any of the other consensus protocols, are decisions made by the originator of the blockchain enabled platform.

In a hard fork of Bitcoin Cash in Bitcoin Cash ABC and Bitcoin Cash SV, not much unlike the Linux kernel fork and related disputes between Alan Cox and Linus Torvalds, the unity and consensus on future development of Bitcoin Cash has been broken permanently and there is likely more to come. This fork demonstrates clearly that there are still groups of people and stakeholders determining the future of blockchain and crypto currency platforms, as much as it demonstrates that their interests can make or break a platform in the same way as the stakeholders of a so called centralized platform can.

What the advocates of decentralization and their believers do is present the distributed ledger and peer-to-peer aspects of blockchain as a unique feature of a decentralized platform. And they do that knowing (or at least we should hope that they understand what blockchain enabled platforms are) very well that blockchain platforms are not really decentralized. Not from a technology perspective and not from a control perspective. Comparing blockchain with centralized platforms, and emphasizing the alleged decentralization benefits of blockchain in its current form, is as valuable as comparing apples with apples. They might taste different, they might look different, but they are still apples.

After an initial phase of skepticism and reluctance, big players are entering the market and develop blockchain enabled platforms. They design and develop the platforms, make the critical decisions about the protocols, structures and fees. An essential ingredient of the strategy of large technology providers is to protect their IP with patents, and there are currently already well over 2,000 blockchain related patents, further breaking down the decentralization myths around blockchain.

A further nail in the coffin of the myths around the decentralization of blockchain enabled platforms is the rise of private blockchain platforms and platforms based on pre-minded blocks by the originator. Decentralized? Not really!

Technology

Even when blockchain and cryptocurrencies are a thing of this decade and their real breakthrough debut still hasn’t reached the first lustrum, the technology which enables blockchain platforms is decades old. To be more precise, the concepts and maiden implementations originate from the 70’s and 80’s. Public key encryption, cryptographic hashes, Merkle trees, peer to peer distribution, and yes even the famous distributed ledger technology and consensus protocols find their roots between 30 and 40 years ago. For example as references and proof-of-concept in the section “Challenges and opportunities to create digitized traceable transparency in production and supply chains” of my dissertation in 1987.

What is rather unfortunate, is that additional and significantly improved concepts, like for example selective peer-to-peer distribution and asynchronous Merkle trees, which are also decades old and would have eliminated several major weaknesses of today’s blockchain and cryptocurrency platforms, didn’t make it to the current implementations (yet)!

Taking components of existing technology and reassemble them into a new application is by itself a form of low-risk disruption, and as such not a bad idea. Given the many weaknesses and restrictions of blockchain technology, it is high time to add true innovation to the mix. When we however review which devastating impact today’s blockchain and especially cryptocurrencies have on our battered environment, we can only conclude that these innovations are long overdue!

Before blockchain enabled technology can leave the stage of the miniature implementations it is in today, and become a reliable mainstream and widespread technology, the technology which determines the speed of transactions and its ability to process high volumes of transactions need to significantly improve. Drastically improve, as a comparison of payment platforms clearly demonstrates for example. In this context it is important to understand that payment platforms like VISA can scale up rapidly when needed and on the other hand, Bitcoin already reached its technology defined physical limitations.

There is good news on the horizon. New platforms and major players which are entering the market are stepping away from the first blockchain concepts and actively design solutions which can do significantly more than what we see today. A very promising example is Credits.com, definitely worth checking to see what blockchain can actually achieve in volume and speed.

Resources

It should be well known by now which negative impact the mining of proof-of-work based blockchain platforms and cryptocurrencies have due to their energy consumption. Not just for the systems themselves, also for the network infrastructure and let us not forget the electricity consumption to cool the systems which are generating heat.

In short, these combined have done nothing less than adding a country the size of The Netherlands to the global electricity consumption for the sake of profit, in a day and age where we all and without exception should focus on reducing carbon exhaust to save our planet from total destruction. This is unsustainable and should have been addressed long before it came to this unacceptable level of exploitation of the environment!

There is more than the extreme energy consumption. To be able to make a profit on the mining of new coins, hundreds of thousands of not millions of powerful systems have been build and installed. Systems and infrastructure is build using rare metals. Most systems and their components include aluminum, antimony, arsenic, barium, beryllium, cadmium, chromium, cobalt, copper, gallium, gold, iron, lead, manganese, mercury, palladium, platinum, selenium, silver, and zinc. Not only are most of these metals rare, the mining process itself is causing serious damage to the environment.

And this is where it becomes really nasty, metals like cobalt are mined using child labor!

At this point it is important to understand that proof-of-work itself is not the real problem. The problem is the proof-of-work based consensus protocols in which incentives on brute-forcing en masse invite the block/coin mining farms to cause significant damages to our environment. There are better technical alternatives available since several decades which can achieve the same level of encryptions and security, without drastically decreasing the lifespan of our planet. These would however offer significantly lower incentives and therefor attract less miners. Once again, it all evolves around the profitability without reflection of the impact.

Besides the energy hungry consensus protocols based on proof-of-work and some of the other variations, there is the impact of peer-to-peer based distributed ledger which would enforce a large scale blockchain implementation to distribute the entire strain of data in the blockchain over all active nodes in the network, including the related hashes to previous data.

Legislation and compliance

Among the top priorities of (almost) every government is its ability to collect taxes, which is reflected in a significant part of the legislation. At a global and local level, there is also strict regulation on Anti Money Laundering (AML) and Terror Financing, which for example place strict responsibility and even liability on executing processes known as Know Your Customer (KYC) and Know Your Business (KYB). The highly praised anonymity of blockchain and cryptocurrencies are a preprogrammed conflict with these requirements, and it will most likely not take long until regulations will kick in with restrictions.

The ultimate goal of blockchain is as Bill Tai, a profound advocate of everything blockchain and cryptocurrency, puts it: “So we are right now at that point where assets because of the blockchain can be connected to a gigantic network so every single asset in the hands of every single person can broadcast itself to find its buyer or seller.”

Before this can become a reality, legislation will need to be adapted to support, recognize and even accept such environment. And that will take many years, as we can see for example with the timeline of GDPR, which in its essence is significantly less complicated than the legislative adaption which will be required to create blockchain AML, KYC, KYB, TF and asset registration compliancy.

Disrupted Blockchain 2.0

Blockchain will not eliminate fraud or cure diseases, and cryptocurrencies in its current form will only exist until governments have found ways to control it like fiat currencies.

What will come soon is a disrupted blockchain, disrupted by blockchain itself. High volumes enabled by new and efficient consensus protocols. Drastically reduced energy consumption by improved data transmission protocols and an overdue farewell to proof-of-work. Increased security and data validation algorithms and protocols which no longer depend solely on the size of the network. Significantly improved scalability through consolidated, broadcasted and clustered ledgers.

With big players entering the market, both as solution provider and as integrator, the share of private blockchain versus public blockchain will tilt, and private blockchain platforms will form the majority within the next 5 years. These major players in combination with the growing amount of private blockchain platforms will also lead to reducing share of open source in the blockchain sphere.

Integration of blockchain and systems will finally become a priority, and blockchain technology will be surrounded by API’s and data mapping solutions. Bluntly said, blockchain will go a similar path as SQL did. Once a true innovation with enormous emphasis on the potential, followed by being a must-know tech, and now “just a tool” which is gradually being replaced by better, faster and more efficient tools and methods.

Bitcoin et al? The mix of hard to trace and unsustainable energy consumption will eventually lead to countries starting to prohibit mining or even usage as payment and asset/wealth storage. New and better platforms will cause declining interest in this Crypto 1.0 currencies. As advocate of SDG’s, that day can’t come fast enough for me!

About the author

Dr. ir Johannes Drooghaag, CEO and founder of Spearhead Management, is an established executive, consultant, coach, author and keynote speaker, who approaches new technology with open arms and a critical view. As certified and experienced RED TEAM trainer, he brings being the Devil's Advocate to a new level of constructive analyses and solution finding. Dr. ir Johannes Drooghaag is active in the fields of Leadership, Cyber Security, Blockchain, Industry 4.0, Artificial Intelligence and Agile Business Management. Promoted in Applied Information Technology, Manufacturing and Operations Management, and over 30 years of hands-on experience make Dr. Johannes Drooghaag a pragmatic leader, consultant and speaker.

We live in the fascinating age of exponential technologies. Different fields are converging at a rapid pace and value is created at their intersections. As the focus of innovation transcends areas it becomes increasingly abstract, upping the game for all in the accelerated disruption race. The Appetite for Disruption videos by the Disruption Disciples Zurich Chapter provide innovation essentials to successfully compete for the future.

In the “Crucial Concepts” Chapters we share the essentials of innovation, disruption and uptake. We look at how to select
investments and how to best present and build ventures. Everything is amplified and accelerated in today’s globalized arena of hypercompetition yet the fundamentals still apply. Get them down pat and then get in the ring.

Creating a band, building its catalogue, brand and audience all the way from a garage to an arena is very much like bringing a technology or any kind of innovation to market. Let’s hear from somebody who has been through exactly this.